Requirements for publishing use case

Supported in:

Google SecOps SOAR

The simulation alerts in the use case are based on real alerts from a real product.
All entities are extracted when running the simulation alert in a clean environment.
All entities are extracted when running the real alert with the connector.
The playbook runs end to end without errors.
The final delivery is a ZIP file export that can be imported without errors into the Google Security Operations Marketplace.
When deployed, all the user has to do is configure the integrations to make the playbook run end to end with simulation alerts.

Need more help? Get answers from Community members and Google SecOps professionals.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-02-14 UTC.